10000 matches found
CVE-2026-14372 Bit Form <= 3.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion via '_old' Parameter
The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...
CVE-2026-9240 Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Modification via lpc_order_affect AJAX action
The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...
CVE-2026-12433 Hydra Booking <= 1.2.1 - Authenticated (Custom+) Insecure Direct Object Reference to Sensitive Information Exposure via 'booking_id' Parameter
The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...
CVE-2026-12433
The CVE describes a vulnerability in the Hydra Booking WordPress plugin (versions up to 1.2.1) where an Insecure Direct Object Reference in the /wp-json/hydra-booking/v1/booking/details/{id} endpoint allows authenticated hosts with the tfhb_manage_options capability to view booking records from o...
CVE-2026-13011
The affected product is the ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress. It is vulnerable to a generic SQL Injection via the 'orderby' parameter in all versions up to and including 1.17.5, caused by insufficient escaping of user input...
CVE-2026-13011 ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support <= 1.17.5 - Authenticated (HR Manager+) SQL Injection via 'orderby' Parameter
The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-13771
The Customer Reviews for WooCommerce plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability via the color shortcode attribute in all versions up to 5.113.0, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contri...
CVE-2026-12170 AcyMailing <= 10.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alignment' Attribute
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' attribute in all versions up to, and including, 10.10.2 due to insufficient input sanitization and output escaping...
CVE-2026-14343 Download Manager <= 3.3.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'note_before' and 'note_after' Shortcode Attributes
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'notebefore' and 'noteafter' Shortcode Attributes in all versions up to, and including, 3.3.61 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-12170
The CVE concerns the AcyMailing WordPress plugin (all versions up to 10.10.2) vulnerability to Stored Cross-Site Scripting via the alignment attribute, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enablin...
CVE-2026-13253 Post Grid Gutenberg Blocks for News, Magazines, Blog Websites <= 5.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'moreResultsText' Block Attribute
The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to and including 5.0.31. This is due to insufficient input sanitization and output escaping in the...
CVE-2026-4653 Block, Suspend, Report for BuddyPress <= 3.6.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'link' Parameter
The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter in versions up to and including 3.6.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
EUVD-2026-42496
In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's...
CVE-2025-45422
The CVE-2025-45422 entry concerns Proximus b-box v8c.725A and describes an Incorrect access control vulnerability. According to the sources, authenticated attackers can bypass normal restrictions and make arbitrary changes to port forwarding rules. The NVD metrics indicate a CVSS 3.1 base score o...
CVE-2026-60102 Horde VFS < 3.0.1 OS Command Injection via Horde_Vfs_Smb Driver
Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...
CVE-2026-60102
Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...
CVE-2026-60102
The vulnerability is in Horde VFS API before 3.0.1, specifically the Horde_Vfs_Smb driver. The _escapeShellCommand() function fails to sanitize command substitution, allowing authenticated attackers to inject arbitrary shell commands via user-controlled filenames. Malicious filenames containing u...
EUVD-2026-42340
Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...
EUVD-2026-42314
AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...
EUVD-2026-42251
Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...